OSDev.org

The Place to Start for Operating System Developers

All times are UTC - 6 hours




 Post subject: Re: Latest massive attack on computing systems
Posted: Sat Jun 24, 2017 11:59 am

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1058
Location: Athens, GA, USA
Let me be blunt: the universal conclusion among corporations and government agencies, after years of financial analysis, is that security costs more than insecurity ever could. And from a purely financial perspective, they are right. That is why current operating systems are insecure.

Until you or someone else finds a way to shift that equation, things aren't going to change. I'd love to see you succeed at it, but I am not sure you really get just how big a mountain you seek to climb. The marketing factors alone make writing a kernel look like child's play.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Last edited by Schol-R-LEA on Sat Jun 24, 2017 12:10 pm, edited 1 time in total.

 
 Post subject: Re: Latest massive attack on computing systems
Posted: Sat Jun 24, 2017 12:09 pm

Joined: Sat Jan 15, 2005 12:00 am
Posts: 8201
Location: At his keyboard!
Hi,

Schol-R-LEA wrote:
Let me be blunt: the universal conclusion among corporations and government agencies, after years of financial analysis, is that security costs more than insecurity ever could. And from a purely financial perspective, they are right. That is why current operating systems are insecure.


I'm not sure how accurate that is; and suspect it depends on the purpose of the system. Someone like the Dept. of Defence probably has slightly different priorities than a teenager buying a smartphone. ;)


Cheers,

Brendan

_________________
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.


 
 Post subject: Re: Latest massive attack on computing systems
Posted: Sat Jun 24, 2017 12:19 pm

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1058
Location: Athens, GA, USA
Brendan wrote:
Hi,

Schol-R-LEA wrote:
Let me be blunt: the universal conclusion among corporations and government agencies, after years of financial analysis, is that security costs more than insecurity ever could. And from a purely financial perspective, they are right. That is why current operating systems are insecure.


I'm not sure how accurate that is; and suspect it depends on the purpose of the system. Someone like the Dept. of Defence probably has slightly different priorities than a teenager buying a smartphone. ;)


The DoD? Yes and no. They focus primarily on the same physical-access issues that dominated thought back in the 1960s, and rightly so. Most military networking is limited to C^3 (which has its own, physically isolated networks using wired links or transmission protocols which are different from those publicly available - mostly variations on PCM, which is why PCM isn't licensed for civilian radio), not access to equipment, for obvious reasons. No US military hardware is supposed to have had Internet connectivity since the introduction of the public Internet in 1993, and most really secure systems are restricted to local networks and/or sneakernet, relying on an 'air gap' (lack of wired or wireless connections) to remain secure. Hardly any actual combat systems have any networking at all, and almost none have general-purpose networking support that is physically even capable of communicating to civilian systems.

Those parts which are on the public Internet are low priority, mostly PR websites and non-combat functions which use off-the-shelf software; those generally have terrible security, because none of them can do more damage than defacing the Army website or maybe breaking into payroll records.

The same is true for other countries as well, of course. The idea of a 'cyber war' against military targets is misplaced - they are targets, but of agents in place, not network-based attacks.

As for other agencies, chances are that teenager is more concerned with security than, say, the IRS are going to be. Even a massive intrusion that alters or deletes actual tax records would still be less costly - and less of a PR problem, most likely - than implementing better security would be.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Last edited by Schol-R-LEA on Sat Jun 24, 2017 12:33 pm, edited 5 times in total.

 
 Post subject: Re: Latest massive attack on computing systems
Posted: Sat Jun 24, 2017 12:24 pm

Joined: Tue Aug 02, 2016 1:52 pm
Posts: 286
Location: East Riding of Yorkshire, UK
Sik wrote:
I have the feeling that in a few years our OSes (and possibly new hardware) will have changed to the point they only barely resemble our current systems anymore.
The further away we can get from x86 the better :lol:

Brendan wrote:
Someone like the Dept. of Defence probably has slightly different priorities than a teenager buying a smartphone. ;)
As a teenager, I'm not sure about that.

_________________
com.sun.java.swing.plaf.nimbus.InternalFrameInternalFrameTitlePaneInternalFrameTitlePaneMaximizeButtonWindowNotFocusedState
Compiler Development Forum


 
 Post subject: Re: Latest massive attack on computing systems
Posted: Sat Jun 24, 2017 12:43 pm

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1058
Location: Athens, GA, USA
I need to be a bit clearer, I think, also. I am not saying that they don't do anything about security; they spend billions on it. What I am saying is that they choose not to do a lot of simple, straightforward things that could improve security, because the cost of those measures is higher than the risks involved in not taking them. They do work hard at security, but because it is a cost center rather than a production center (even for government agencies, where profitability isn't an issue), they won't use a security measure if doing so hurts their budget or PR more than the risk assessments indicate an attack would. If the attack does occur, they write it off as just one more operational cost.

And in this case, it would mean many billions in retraining people on the new systems. And yes, this is true even of something only system admins have direct contact with - training costs are astronomical for even a minor change, and this would be a huge one. And that's just one part of the cost of changing to a different OS.

It is, as I said, the same logic that leads to poor mine safety and automobile gas tanks which have a risk of exploding during a collision. A few million dollars (and/or a few lives) in cost versus a few billion to prevent that cost (which may or may not even happen)? Not even a question.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Last edited by Schol-R-LEA on Sat Jun 24, 2017 12:49 pm, edited 1 time in total.

 
 Post subject: Re: Latest massive attack on computing systems
Posted: Mon Jun 26, 2017 4:55 pm

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 304
Location: San Jose San Francisco Bay Area
Schol-R-LEA wrote:
Let me be blunt: the universal conclusion among corporations and government agencies, after years of financial analysis, is that security costs more than insecurity ever could. And from a purely financial perspective, they are right. That is why current operating systems are insecure.

Until you or someone else finds a way to shift that equation, things aren't going to change. I'd love to see you succeed at it, but I am not sure you really get just how big a mountain you seek to climb. The marketing factors alone make writing a kernel look like child's play.


And let's not forget, any politician or significant figure who says the truth that security is costlier than insecurity will be getting his @$$ wiped out and will go through a lynch-trial.

P.S. With pre-intrusion plans being mostly ineffective, and most commercial entities trump prevention of intrusion, a post-intrusion plan should be implemented in most org-s to minimize the damage.

_________________
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophe later. #devilisinthedetails


 
 Post subject: Re: Latest massive attack on computing systems
Posted: Mon Jun 26, 2017 4:56 pm

Joined: Wed Nov 18, 2015 3:04 pm
Posts: 304
Location: San Jose San Francisco Bay Area
Schol-R-LEA wrote:
dozniak wrote:
do not use windows. ever. this is the lamest, least secure system.


This statement really isn't fair, not because it overstates how insecure Windows is, but because it ignores how insecure other operating systems are. None of the current OSes in common use - Windows, Mac OS X, Linux, even FreeBSD - were designed with security in mind, especially the sort of security that we are discussing, because when Unix and MS-DOS/Windows 1.0 were designed, most of the threats seen today didn't really exist except as a few proof-of-concept examples and a couple of 'funny' pranks (such as the once-notorious 'Robin Hood and Friar Tuck' virus on the old Xerox mainframes).

While a significant amount of work had been done on security in the late 1960s and early, including the early development of the Capability-based Security Model, most of it was aimed at preventing either espionage taking place on-site, by a spy with access to a terminal but not to the CPU and disks, or memory corruption caused by a buggy process. More importantly, it was assumed by the researchers that access to computing would be limited to scientists, military personnel, programmers working for businesses and governments, and university students preparing for a career as one of the above. Even in projects aimed at public access to timesharing, such as Multics, the security concerns were primarily focused on password control, of monitoring resource usage for the purposes of billing, and ensuring process isolation.

Some of this work made its way into the mainframe OSes of the time. Some, such as hardware-based capabilities, proved too inefficient (though it may make a comeback someday, I suppose, given the vast improvements in hardware speeds since then - indeed, IIUC the Mill architecture is intended to have a limited form of that at the cache level).

But the Unix didn't do any of that. It was intended as a one-off, a stripped-down version of Multics that was never meant to see the light of day. Thompson and Ritchie deliberately excluded most of the security features that Multics had, because they wanted something that would be fast enough to play Space Travel (a version of the Star Trek game that was making the rounds at the time, with some added graphics influenced by Spacewar!) on a PDP-7, simple enough for two people to write in the off hours, and crucially, without all the aggravatingly bureaucratic access control and billing of Multics. In other words, it was designed to be insecure, because Multics' security was what they were trying to get around by developing it. The first versions - until after the shift from PDP-7 assembly to C in the PDP-11, apparently - didn't even have password protection, and was a single-tasking system originally (hence the punny name).

By the late 1970s, Unix was spreading through the universities as a cheap (a few thousand USD per installation, with few places needing more than one) alternative to RSX (and later, VMS) which, due to the easy access to the source code, could also be used for courses on OS dev and system utilities. It was most definitely not a business system, as AT&T were expressly forbidden from selling software for commercial enterprises until the anti-trust action broke Ma Bell up in 1982 - and they were required to provide source code for the academic and non-profit organizations which they could sell it to. Prior to Version 7, the license didn't even forbid republication of the source code, which is why the Lions book (which included the whole source for version 6) could be sold to other universities up until 1979.

Significant security wasn't really added to Unix until 1981, and then only because ARPAnet's upcoming switch from NCP to TCP/IP included a requirement that systems have some minimal security support (a similar story occurred ten years earlier with ITS, which was passed over by ARPA in favor of Tenex for the primary nodes due to it not even requiring passwords at the time). By then, it was already far too late to retro-fit a proper security model, even by the standards of the time.

Its descendants never were able to fix this, either, as they were still focused on other matters. Apple's priority is UX, while the Linux community has always been diffident about anything that restricts user freedom, so neither group has really made any attempt to change things from the Unix model. FreeBSD and its relatives have done more, but are hamstrung by bug-for-bug compatibility issues, and are pretty leery of restricting users as well. More importantly, they all could coast on the fact that a bigger target existed - Windows - meaning that the brunt of the attacks hit someone else.

MS-DOS came from a completely different tradition as well. When 'micro-computers' (home computers, personal computers) started to appear in the mid-1970s, they were so limited in what they could do - 4KB or less of RAM was typical (the first one, the Altair 8800, shipped as a kit with a memory board that could hold 256 bytes, which filled the entire board with ICs), paper tape was the dominant storage medium for the first couple years (and the reader was an add-on - for the first several months, the primary I/O for the Altair was the toggle switches and LEDs on the front panel), and operating systems were considered an unimaginable luxury - that just getting them to work took precedence. In 1977, as the generation 1 PCs such as the Altair, IMSAI, and Sol gave way to the Gen 2 pre-built models such as the Apple II, the TRS-80, and the Commodore PET, the tape and disk operating systems were focusing just on getting the data in and out of the storage media - most of the file systems didn't even have equivalents to the Unix RWX bits - and the idea that anyone would bother intruding on a machine meant for, and only suited for, mildly obsessive hobbyists would have been met with scorn.

MS-DOS arose in the third generation of microprocessor-based personal computers, and like CP/M, was written with no consideration for security to speak of. The file system had no subdirectories, access bits, or provision for user-defined hidden files until version 2.1, which borrowed a lot of things from Unix (which, as I already stated, wasn't exactly designed with security in mind). No one thought that these simple, monotasking, disk-oriented file managers would ever need more.

The rise of the public Internet took everyone by surprise. No one had any expectation that computers would be as ubiquitous as they have become. We are stuck with operating systems, and a model of operating system design, which treats security as a problem instead of a solution - one which puts it as the very lowest priority, at best.

And it isn't as if companies haven't tried to sell the public more secure systems. MS and the Linux Group are painfully aware of how terrible their security models are, but trying to fix them always runs into user opposition due to it being intrusive and restrictive. Hell, MS had to remove security features from the NT kernel to make XP palatable to the consumers, not due to technical limitations but because focus groups shown the beta of XP complained about how much hassle it was. The intrusive security warnings in Vista were one of the main complaints about it, too, so they toned those down in 7, knowing full well that it would compromise security. The public simply doesn't care about security.

For the most part, neither do corporations or governments. The break-ins at Target, Sony Pictures, the Social Security Administration, and other places were all things which could have easily been avoided, but the preventatives were all deemed too expensive and/or complicated to implement - not just before they happened, but afterwards, too. It is cheaper and easier to simply swallow the costs and consequences than it is to fix the problems. The entire software industry follows the same line of thinking that gave us the Pinto Memo.

Think you can do better? Probably not. The majority of posters here seem to forget the hard icky parts like security, while those who do take it seriously such as Brendan and myself talk a good game but have little to show for it. Most of the really useful information on security is buried in research journals which we don't even have access to, never mind read. Even if one of the operating systems here got some traction - which is about as likely as the developers' feet getting traction on the surface of Mars - the odds are it would be one which succeeded in part because it ignored the costly and time-consuming security operations.

You know, like Unix, Linux, Mac OS, and Windows do.

TL;DR - It isn't that Windows is less secure, it is that the others can get away with insecurity as long as Windows is around to draw fire from them. The OSes we have now? Insecure by design, and they only succeeded in the first place because they were. Users, and hence developers, see security as a nuisance rather than a protection, meaning a secure OS will always fail in the marketplace, at least if it doesn't have a killer app of sufficient importance that it overcomes the resistance to improved security by the users.

PS: Riddle me this, Brendan: if the secure computing niche you claim to be targeting exists, and is large enough for someone to make a profit filling it, why hasn't it been filled yet? If your answer is anything along the lines of 'because no one has been smart enough to fill it before,' then I recommend you step back and take a long, hard look at your assumptions. Dozens, if not hundreds, of firms have tried to sell operating system security, and all failed, even when they had genuinely superior products; these businesses range from one-man startups to giants like IBM, Oracle, DEC, Microsoft, and General Dynamics (yes, the monster all-encompassing defense contractor the US government is so in love with tried to tackle this, more than once), each of whom threw billions down that rat hole. What makes you think you'll do better?

Just FYI, I read it from start to finish.

_________________
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophe later. #devilisinthedetails


 
 Post subject: Re: Latest massive attack on computing systems
Posted: Tue Jun 27, 2017 12:55 pm

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1058
Location: Athens, GA, USA
ggodw000 wrote:
Just FYI, I read it from start to finish.


Thank you. I suspect you might be the only one who has.

I repeat my earlier question to Brendan: if there really were a need and demand on the part of corporations, government agencies, and NPOs for a more secure OS, and they could (more importantly) afford to re-train their staff and change their existing practices to use it, don't you think one of the many, many other companies which have tried to sell such an OS would have made some headway?

Brendan, you are a good developer, but you are not the best OS designer in history. That honor goes to Edsger Dijkstra, I suspect. Where is the THE operating system today? Of all the people who quote him, how many have actually read what he wrote in his books and papers (that reminds me, I need to replace my lost copy of ADoP...)? How many people quoting him even know that THE even existed? While it was by no means anything like a modern system - it was, among other things, primarily batch-processed, with only the admins working with it directly, a method that was already on the way out in 1966 for everyone except IBM - nonetheless it was the pinnacle of OS design in its day. Think about that.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


 
 Post subject: Re: Latest massive attack on computing systems
Posted: Tue Jun 27, 2017 4:24 pm

Joined: Sat Jan 15, 2005 12:00 am
Posts: 8201
Location: At his keyboard!
Hi,

Schol-R-LEA wrote:
I repeat my earlier question to Brendan: if there really were a need and demand on the part of corporations, government agencies, and NPOs for a more secure OS, and they could (more importantly) afford to re-train their staff and change their existing practices to use it, don't you think one of the many, many other companies which have tried to sell such an OS would have made some headway?


Have you got any idea how many millions of $$$ companies like IBM and HP make from selling mainframes/servers running AIX and HP/UX? I'll give you a hint - it's enough $$$ to fund entire ISAs (PowerPC and Itanium). Is "millions of $$$ each year for decades" the sort of headway you think doesn't exist?

Schol-R-LEA wrote:
Brendan, you are a good developer, but you are not the best OS designer in history. That honor goes to Edsger Dijkstra, I suspect. Where is the THE operating system today? Of all the people who quote him, how many have actually read what he wrote in his books and papers (that reminds me, I need to replace my lost copy of ADoP...)? How many people quoting him even know that THE even existed? While it was by no means anything like a modern system - it was, among other things, primarily batch-processed, with only the admins working with it directly, a method that was already on the way out in 1966 for everyone except IBM - nonetheless it was the pinnacle of OS design in its day. Think about that.


I have no idea why you think any of this has anything to do with security at all, or why you think it's relevant at all. Note that I have never claimed to be the best OS designer in history; and while Edsger Dijkstra is an important (and impressive) pioneer, pioneering is easy when nobody came before you.


Cheers,

Brendan

_________________
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.

